In a blockchain network, ipt-onchain is a particular implementation that allows a user secure its server connections to another participants in the network by using smart contracts as a source of trust.
In this implementation a daemon listens to an ethereum smart contract which tells the node to whom to establish a secure connection.
Basically two diagrams shows how it works:
-
An admin adds/remove a new participant in the newtowrk by adding this to a permissioning smart contract:
-
The daemon (that runs on your server) realizes a new connection has been added/removed in the smart contract and updates its firewall rules:
-
Your node should expose RPC in HTTP and WS protocols.
-
You need to allow access to the ethereum node to connect in the HTTP-RPC and WS-RPC ports (in this implemetation the ethereum node is hosted on the same machine where the daemon is running):
- To interact with this project you should have deployed the smart contract to that allows you dinamically set which participants are allowed to connect. There are some permissioning smart contracts implementations out there. Particularly this project uses the Pegasys implementation. Please follow the instructions in order to deploy the smart contract in a set of nodes.
-
mkdir -p ~/ipt-project/src
-
export GOPATH=~/ipt-project
-
cd ~/ipt-project/src && git clone https://github.com/eum602/ipt-onchain.git && cd ipt-onchain
-
docker is required
-
Compiling contracts
cd pkg/onchain
chmod +x *.sh && ./main.sh
cd ../..
go get ./... && go build -o main
- Edit the environment variables on the file env.sh
vi ~/ipt-project/ipt-onchain/env.sh
export RPC_HTTP_URL=http://127.0.0.1:4545 #the RPC HTTP exposed port in your ethereum node.
export RPC_WS_URL=ws://127.0.0.1:4546 #the RPC WS exposed port in your ethereum node.
export NODE_INGRESS_CONTRACT_ADDRESS=0x0000000000000000000000000000000000009999 # please replace this address by the address corresponding to your permissioning smart contract deployment.
export ADD_DEFAULT_SECURITY_RULES=false #If set to true a new chain is added to the 'filter' table in the 'INPUT' chain
chmod +x env.sh
source env.sh
go run *.go
- Its is expected for you to have a chain "ONCHAIN" into the "filter" ip table in the INPUT chain.
- Additionally if you configured ADD_DEFAULT_SECURITY_RULES environment variable as 'true' then and additional chain "DEFAULTSECURITYRULES" will be added into the INPUT chain in the "filter" ip table.
Please feel free to contribute to this project.